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DETAILED ACTION 

This action is in response to Applicant's amendment filed on 8/16/2007. The 
abstract and the specifications have been corrected to remove minor informalities. 
Therefore, the objection to the specification has been withdrawn. Independent claims 
1, 4 and 7 have been amended. Dependent claims 2-3, 5-6 and 8-9 have also been 
amended to correct minor informalities. As a result, objection to claims 1 , 4 and 7 have 
been withdrawn. Claims 1- 9 are now pending in the present application. The 
applicant's amendments are shown below in bold and italics, and the examiner's 
response to the amendments is shown in bold in this office action. This Action is 
made FINAL. 



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 



Claims 1-9 are rejected under 35 U.S.C. 102(e) as being anticipated by Shaffer 
et al. (U.S. Patent Publication # 7,107,334 B1). 
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Consider claim 1, Shaffer et al. clearly show and disclose a method for testing a 
network syst e m device by controlling, by a data controller in a the network device, 
communication data transferred between an external device connected to the network 
device via a network and a plurality of virtual machines in the network device (Fig. 1 that 
shows a network system comprising client machine 102, networks 104 and 108, server 
110, and network device (router) 106 logically connected to test device 112 and 
capable of replicating and redirecting data packets to test device 112; Flowchart in Fig. 
2 that discloses how the router receives data packets, identifies the packets of interest 
to replicate, and transmits the original packets to server 110 and the replicated packets 
to test device 112; column 5, lines 10-16, 30-34, and 49-66; column 6, lines 4-7 and 13- 
15 that describe the same details), comprising: 

a reception step of receiving the communication data (Fig.1 showing data being 
received from client 102 to server 1 10 via router 106 and vice versa; Fig. 2, block 206 
showing packets of data being received; column 5, lines 12-16 which disclose the flow 
of data packets among client 102, router 106, and server 110); 
a judgment step of judging whether the received communication data coincides with a 
condition by referring to a test access control list which defines association between the 
condition concerning an attribute of the communication data and an action serving as a 
process of permitting or rejecting communication of the communication data (Fig. 2, 
block 208 showing a judgment step of identifying data packets of interest; block 210 
showing replication of the packets of interest (i.e. test packets), so that they may be 
redirected to the test device 112 acting as a virtual test machine, while the network is 
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operating with data being communicated between client 102 and server 110; column 5, 
lines 52-64 which disclose different means for identifying test packets for replication, 
including source and destination IP addresses in the packet header; thereby providing 
means equivalent to a test access control list); and 

an execution step of executing, when it is judged in the judgment step that the 
communication data coincides with the condition, the process serving as the action in 
the test access control list (Fig. 2, blocks 212 and 214 that show how the original 
packets are directed between the client 102, router 106, and server 110, whereas the 
replicated packets are transmitted to the test device 112; column 6, lines 13-15 
disclose the same details). 

Consider claim 2, and as applied to claim 1 above, Shaffer et al. disclose a 
method for testing a network syst e m device wherein the condition concerning the 
attribute of the communication data includes address information for identifying the 
location on the network of the external device or the network device serving as a 
transmitter or a receiver of the communication data (column 5, lines 55-64 which 
disclose that the source and destination IP addresses in the packet header may be 
used to identify the location on the network of the external device), and 
the judgment step includes judgment of whether address information included in the 
received communication data coincides with the condition concerning the attribute of the 
communication data (column 5, lines 52-55 which describe the judgment step of 
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identifying whether the packet is to be directed to the server 1 10 (or client 102) or test 
device 112). 

Consider claim 3, and as applied to claim 1 above, Shaffer et al. disclose a 
method for testing a network syst e m device further comprising an addition step of 
adding, to the received communication data, a necessary attribute forjudging whether 
the communication data coincides with the condition in the judgment step (Fig. 2, block 
214 which shows that the replicated packets are addressed to the test device 112 along 
second routing path; column 5, lines 55-61 and column 6, lines 13-15 that describe the 
same process, thereby disclosing that a new IP address (of test device 1 12) is being 
added to the replicated packets, so that the packets can be transmitted to the test 
device 112 based on the newly added IP address to their headers). 

Consider claim 4, Shaffer et al. clearly show and disclose a computer-readable 
medium encoded with a network syst e m device testing program for causing a computer 
to operate as a network device controlling communication data transferred between 
external devices interconnected via a network, the program causing the computer to 
perform a process (Claim 20; column 9, lines 18-29 that disclose a machine readable 
medium with program instructions to perform the functions related to the disclosed 
invention; Fig. 1 that shows a network system comprising client machine 102, networks 
104 and 108, server 110, and network device (router) 106 logically connected to test 
device 112 and capable of replicating and redirecting data packets to test device 112; 
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Flowchart in Fig. 2 that discloses how the router receives data packets, identifies the 
packets of interest to replicate, and transmits the original packets to server 1 10 and the 
replicated packets to test device 112; column 5, lines 10-16, 30-34, and 49-66; column 
6, lines 4-7 and 13-15 that describe the same details) comprising: 
a reception step of receiving communication data transmitted from one of the external 
devices or communication data transmitted from a virtual machine in the network device 
(Fig.1 showing data being received from client 102 to server 1 10 via router 106 and vice 
versa; Fig. 2, block 206 showing packets of data being received; column 5, lines 12-16 
which disclose the flow of data packets among client 102, router 106, and server 110); 
a judgment step of judging whether the received communication data coincides with a 
condition by referring to a test access control list which defines association between the 
condition concerning an attribute of the communication data and an action serving as a 
process of permitting or rejecting communication of the communication data (Fig. 2, 
block 208 showing a judgment step of identifying data packets of interest; block 210 
showing replication of the packets of interest (i.e. test packets), so that they may be 
redirected to the test device 112 acting as a virtual test machine, while the network is 
operating with data being communicated between client 102 and server 110; column 5, 
lines 52-64 which disclose different means for identifying test packets for replication, 
including source and destination IP addresses in the packet header; thereby providing 
means equivalent to a test access control list); and 

an execution step of executing, when it is judged in the judgment step that the 
communication data coincides with the condition, the process serving as the action in 
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the test access control list (Fig. 2, blocks 212 and 214 that show how the original 
packets are directed between the client 102, router 106, and server 110, whereas the 
replicated packets are transmitted to the test device 112; column 6, lines 13-15 
disclose the same details). 

Consider claim 5, and as applied to claim 4 above, Shaffer et al. disclose a 
computer-readable medium encoded with a network system cfe Wee testing program 
wherein the condition concerning the attribute of the communication data includes 
address information for identifying the location on the network of the external device or 
the network device serving as a transmitter or a receiver of the communication data 
(column 5, lines 55-64 which disclose that the source and destination IP addresses in 
the packet header may be used to identify the location on the network of the external 
device), and 

wherein the judgment step includes judgment of whether address information included 
in the received communication data coincides with the condition of the attribute of the 
communication data (column 5, lines 52-55 which describe the judgment step of 
identifying whether the packet is to be directed to the server 1 10 (or client 102) or test 
device 112). 

Consider claim 6, and as applied to claim 4 above, Shaffer et al. disclose a 
computer-readable medium encoded with a network syst o m device testing program 
further comprising: an attribute adding step of adding, to the received communication 
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data, a necessary attribute forjudging whether the communication data coincides with 
the condition in the judgment step (Fig. 2, block 214 which shows that the replicated 
packets are addressed to the test device 1 12 along second routing path; column 5, lines 
55-61 and column 6, lines 13-15 that describe the same process, thereby disclosing that 
a new IP address (of test device 112) is being added to the replicated packets, so that 
the packets can be transmitted to the test device 112 based on the newly added IP 
address to their headers). 

Consider claim 7, Shaffer et al. clearly show and disclose a n e twork syst e m 
t e st i ng apparatus device for controlling communication data transferred between 
external devices interconnected via a network (Fig. 1 that shows an apparatus for 
testing a network system comprising client machine 102, networks 104 and 108, server 
110, and network device (router) 106 logically connected to test device 112 and 
capable of replicating and redirecting data packets to test device 112; Flowchart in Fig. 
2 that discloses how the router receives data packets, identifies the packets of interest 
to replicate, and transmits the original packets to server 110 and the replicated packets 
to test device 1 12; column 5, lines 10-16, 30-34, and 49-66; column 6, lines 4-7 and 13- 
15 that describe the same details), comprising: 

reception means for receiving communication data transmitted from one of the external 
devices or communication data transmitted from a virtual machine in the network device 
(Fig.1 showing data being received from client 102 to server 1 10 via router 106 and vice 
versa; Fig. 2, block 206 showing packets of data being received; column 5, lines 12-16 
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which disclose the flow of data packets among client 102, router 106, and server 110, 
thereby providing the reception means); 

a test access control list which defines association between a condition concerning an 
attribute of the communication data and an action serving as a process of permitting or 
rejecting communication of the communication data when the communication data 
coincides with the condition; judgment means forjudging, by referring to the test access 
control list, whether the received communication data coincides with the condition (Fig. 
2, block 208 showing a judgment step of identifying data packets of interest; block 210 
showing replication of the packets of interest (i.e. test packets), so that they may be 
redirected to the test device 112 acting as a virtual test machine, while the network is 
operating with data being communicated between client 102 and server 110; column 5, 
lines 52-64 which disclose different means for identifying test packets for replication, 
including source and destination IP addresses in the packet header; thereby providing 
means equivalent to a test access control list); 

and execution means for executing the action in the test access control list when it is 
judged by the judgment means that the communication data coincides with the condition 
(Fig. 2, blocks 212 and 214 that show how the original packets are directed between the 
client 102, router 106, and server 110, whereas the replicated packets are transmitted 
to the test device 112, thereby disclosing the means for executing the invented 
processes; column 6, lines 13-15 disclose the same details). 
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Consider claim 8, and as applied to claim 7 above, Shaffer et al. disclose a 
n e twork syst e m t e st i ng apparatus device wherein the condition concerning the 
attribute(s) of the communication data includes address information for identifying the 
location on the network of the external device or the network device serving as a 
transmitter or a receiver of the communication data (column 5, lines 55-64 which 
disclose that the source and destination IP addresses in the packet header may be 
used to identify the location on the network of the external device), and 
the judgment means judges whether address information included in the received 
communication data coincides with the condition concerning the attribute(s) of the 
communication data (column 5, lines 52-55 which describe the judgment step of 
identifying whether the packet is to be directed to the server 1 10 (or client 102) or test 
device 112). 

Consider claim 9, and as applied to claim 7 above, Shaffer et al. disclose a 
network syst e m t e st i ng apparatus device further comprising attribute adding means for 
adding, to the received communication data, a necessary attribute for judging, by the 
judgment means, whether the communication data coincides with the condition (Fig. 2, 
block 214 which shows that the replicated packets are addressed to the test device 112 
along second routing path; column 5, lines 55-61 and column 6, lines 13-15 that 
describe the same process, thereby disclosing that a new IP address (of test device 
1 12) is being added to the replicated packets, so that the packets can be transmitted to 
the test device 112 based on the newly added IP address to their headers). 
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Response to Arguments 

Applicant's arguments filed 08/16/2007 have been fully considered but they are 
not persuasive. 

The examiner respectfully disagrees with applicant's arguments as the applied 
reference(s) provide more than adequate support and clarification. The examiner's 
rejection of 03/27/2007 is maintained. 

In reference to claims 1, 4 and 7, the examiner disagrees with the applicant's 
argument that Shaffer does not disclose any virtual machines in the network device 106. 
The virtual machines are no more than software code to perform the specified function 
of redirecting network data flow, which is also performed by the software in the router; 
although not specifically named as a virtual machine, but functionally equivalent 
nonetheless. 

In further reference to claims 1, 4 and 7, the examiner disagrees with the 
applicant's argument that Shaffer does not disclose network device receiving the 
communication data; judging based on a test access control list whether to permit or 
reject communication data; and take an action based on the action specified in the test 
access control list. As listed in the rejections for these claims, the network device 106 
receives communication packets from a client machine 102 and server 110 (column 5, 
lines 12-15); making judgment based on a test access control list whether to permit or 
reject communication data (column 5, lines 55-61 which disclose that the router 106 
only transfers those packets specifically destined to either server 1 10 or client 102, 



Application/Control Number: 10/765,868 Page 12 

Art Unit: 2143 

.discarding all other packets from being transferred to server 1 10 or client 102. Although 
not specifically referencing a test access control list (which in itself is derived from the 
source and destination IP addresses and ports contained in packet headers), the router 
does analyze the same fields contained in the same packet headers to arrive at the 
decision of permitting or rejecting received communication data. Furthermore, once the 
decision is made, the router takes action to transmit selected packets to either server 
1 10 or client 102 depending upon packet destination (column 6, lines 4-7). 

Claims 2-3, 5-6 and 8-9 also remain rejected based on their dependency on 
claims 1, 4 and 7 based on the Shaffer's teachings cited above. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
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the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any response to this Office Action should be faxed to (571) 273-8300 or mailed to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Art Unit: 2143 

Hand-delivered responses should be brought to 

Customer Service Window 
Randolph Building 
401 Dulany Street 
Alexandria, VA 22314 

Any inquiry concerning this communication or earlier communications from the 
Examiner should be directed to Kishin G. Belani whose telephone number is (571) 270- 
1768. The Examiner can normally be reached on Monday-Thursday from 6:30 am to 
5:00 pm. 

If attempts to reach the Examiner by telephone are unsuccessful, the Examiner's 
supervisor, David Wiley can be reached on (571) 272-3923. The fax phone number for 
the organization where this application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
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more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free) or 703-305-3028. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist/customer service whose telephone 
number is (571)272-0800. 

Kishin G. Belani 
K.G.B./kgb 

October 15, 2007 




